So ZASS did its scheduled deep scan (every 6 months), all went well, but it found the following. I add comments with data and questions.

File name: necflash_windows.zip
An utility to flash the firmware of certain optical drives, that I downloaded and stored on purpose.

Virus name: not-a-virus:RiskTool.Win32.FirmwareFlash.a
I know the tool goes about flashing firmwares, and I know flashing poses certain risks. Is this telling anything more, or different?

Type: Virus
Wasn't it a "not-a-virus"? So is it definitely about an infection, and not the file itself in its intended state? Or is the "file itself in its intended state" being considered a "virus" for better or worse reasons?

Risk: Information
Does this mean that the infection or file would attempt to steal information for instance?

Treatment: Action required
If I tick the detection checkbox, the buttons "Treat", "Ignore once" and "Ignore always" become clickable (not grayed out). So the detection hasn't got "automatic treatment", that is enabled in the "Scan Options". Does this mean that it isn't being detected as malicious, only as risky?

Path: E:\Regrabadora\LiteOn iHAS120 X\necflash_windows.zip
E: is a logical drive of the hard disk where I store anything that I consider worth. It also contains some manual backups (like a copy of my Outlook.pst file). I back up its contents to external media from time to time.

So in essence, I don't know if ZA has detected a risky but not malicious tool, or a malicious infection in one of my tools, or a tool that has malicious behaviour in itself.